add patch series

1 files changed, 83 insertions, 0 deletions

diff --git a/debian/patches/gpg0002-utils-settrans-get-an-authenticated-root-node-in-chr.patch b/debian/patches/gpg0002-utils-settrans-get-an-authenticated-root-node-in-chr.patch
new file mode 100644
index 00000000..559cab7b
--- /dev/null
+++ b/debian/patches/gpg0002-utils-settrans-get-an-authenticated-root-node-in-chr.patch
@@ -0,0 +1,83 @@
+From f5e6769c33723a1d4b72722eff8bb68245ca3803 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@gnupg.org>
+Date: Sat, 16 Apr 2016 16:12:35 +0200
+Subject: [PATCH hurd 2/5] utils/settrans: get an authenticated root node in
+ chroot mode
+
+* utils/settrans.c (get_credentials): New function.
+(main): Get an authenticated root node for the process we are
+chrooting.
+
+Signed-off-by: Justus Winter <justus@gnupg.org>
+---
+ utils/settrans.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 44 insertions(+), 1 deletion(-)
+
+diff --git a/utils/settrans.c b/utils/settrans.c
+index 00cc358..399bd12 100644
+--- a/utils/settrans.c
++++ b/utils/settrans.c
+@@ -88,6 +88,44 @@ static char *args_doc = "NODE [TRANSLATOR ARG...]";
+ static char *doc = "Set the passive/active translator on NODE."
+ "\vBy default the passive translator is set.";
+ 
++/* Authentication of the current process.  */
++uid_t *uids;
++gid_t *gids;
++size_t uids_len, gids_len;
++
++/* Initialize and populate the uids and gids vectors.  */
++error_t
++get_credentials (void)
++{
++  /* Fetch uids...  */
++  uids_len = geteuids (0, 0);
++  if (uids_len < 0)
++    return errno;
++
++  uids = malloc (uids_len * sizeof (uid_t));
++  if (! uids)
++    return ENOMEM;
++
++  uids_len = geteuids (uids_len, uids);
++  if (uids_len < 0)
++    return errno;
++
++  /* ... and gids.  */
++  gids_len = getgroups (0, 0);
++  if (gids_len < 0)
++    return errno;
++
++  gids = malloc (gids_len * sizeof (gid_t));
++  if (! uids)
++    return ENOMEM;
++
++  gids_len = getgroups (gids_len, gids);
++  if (gids_len < 0)
++    return errno;
++
++  return 0;
++}
++
+ /* ---------------------------------------------------------------- */
+ 
+ int
+@@ -340,9 +378,14 @@ main(int argc, char *argv[])
+ 	  mach_port_t root;
+ 	  file_t executable;
+ 	  char *prefixed_name;
++
++	  err = get_credentials ();
++	  if (err)
++	    error (6, err, "getting credentials");
++
+ 	  err = fsys_getroot (active_control,
+ 			      MACH_PORT_NULL, MACH_MSG_TYPE_COPY_SEND,
+-			      NULL, 0, NULL, 0, 0,
++			      uids, uids_len, gids, gids_len, 0,
+ 			      &do_retry, retry_name, &root);
+ 	  mach_port_deallocate (mach_task_self (), active_control);
+ 	  if (err)
+-- 
+2.1.4
+